
Fedora 7: 2007-3952 Critical: Firefox Cross-Site Scripting Flaw

November 28, 2007
Important patch for Fedora 7 addresses various vulnerabilities in Firefox; users advised to enhance their security.

Summary

This is a set of bindings for the GNOME-2.x libraries for use from Ruby.

Updated firefox packages that fix several security issues are now available for Fedora 7.

This update has been rated as having critical security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)
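An added example (not part of the Fedora advisory) of why the CVE-2007-5960 description singles out sites that rely only on the Referer header: a server-side Referer check accepts a request whose Referer was chosen by another page, while a session-bound token check rejects it. The host name, session id, form field names and sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

TRUSTED_HOST = "bank.example"         # hypothetical site name
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, generated here for the demo


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session; embedded only in forms the site itself serves."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def referer_only_check(request: dict) -> bool:
    """Weak check: trusts a header that the browser flaw lets another page set."""
    referer = request["headers"].get("Referer", "")
    return urlsplit(referer).hostname == TRUSTED_HOST


def token_check(request: dict) -> bool:
    """Stronger check: requires a secret that a page on another origin cannot read."""
    expected = issue_csrf_token(request["session_id"]).encode()
    supplied = request["form"].get("csrf_token", "").encode()
    return hmac.compare_digest(expected, supplied)


def classify(request: dict) -> dict:
    """Report what each defence decides for the same request."""
    return {"referer_only": referer_only_check(request), "token": token_check(request)}


SESSION = "sess-1234"  # constructed session id; the browser attaches it automatically

# Constructed request: submitted from the site's own form, token included.
LEGITIMATE = {
    "session_id": SESSION,
    "headers": {"Referer": "https://bank.example/transfer"},
    "form": {"amount": "100", "csrf_token": issue_csrf_token(SESSION)},
}

# Constructed request: cross-site submission with an arbitrary Referer and no token.
FORGED = {
    "session_id": SESSION,
    "headers": {"Referer": "https://bank.example/transfer"},
    "form": {"amount": "100"},
}

if __name__ == "__main__":
    print("legitimate:", classify(LEGITIMATE))
    print("forged:    ", classify(FORGED))
```

Patching the browser removes this way of setting the header; the token check is what keeps the site's defence from depending on the header's integrity at all.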

Users of Firefox are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

* Tue Nov 27 2007 Christopher Aillon 0.16.0-17

- Rebuild against newer gecko

* Tue Nov 13 2007 Alex Lancaster 0.16.0-16

- Fix my typo in BuildRequires

* Tue Nov 13 2007 Alex Lancaster 0.16.0-15

- Rebuild against gecko-libs and gecko-devel (firefox 2.0.0.9).

* Thu Oct 25 2007 Allisson Azevedo 0.16.0-14

- Rebuild against gecko-libs and gecko-devel

* Wed Oct 24 2007 Allisson Azevedo 0.16.0-13

- Rebuild against new firefox

* Thu Sep 13 2007 Allisson Azevedo 0.16.0-12

- Newpoppler.patch updated for poppler 0.6

* Sat Sep 8 2007 Allisson Azevedo 0.16.0-11

- Rebuild against new poppler

- Changed license to LGPLv2+

* Thu Aug 9 2007 Mamoru Tasaka 0.16.0-10

- Adjust to GLib 2.14 API + typo fix in glib module

* Thu Aug 9 2007 Allisson Azevedo 0.16.0-9

- Rebuild against new firefox

* Sat Aug 4 2007 Mamoru Tasaka 0.16.0-8

- Apply patch extracted from CVS to build glib gtk poppler

* Fri Jul 20 2007 Jesse Keating 0.16.0-7

- Rebuild against new firefox

* Thu May 31 2007 Allisson Azevedo 0.16.0-6

- New gecko engine


This update can be installed with the "yum" update program. Use

su -c 'yum update ruby-gnome2'

at the command line. For more information, refer to "Managing Software with yum", available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Severity: critical

Product: Fedora 7
Version: 0.16.0
Release: 17.fc7
URL:
Summary: Ruby binding of libgnome/libgnomeui-2.x
